Check if current user is logged in by the remember me filter in Spring Security

Question

How can I programmatically check if a user is logged in with the remember me filter in Spring Security?

E.g. how to do this in a Spring Controller

@RequestMapping({"/sell-all-assets"})
public String sellAllAssets(Model model, HttpServletRequest request) {
    if (isRememberMeAuthenticated()) {
        return "redirect:/login";
    } else {
        accountService.sellAllAssets(getCurrentUser());
        return "pages/myaccount";
    }
}

public static boolean isRememberMeAuthenticated() {
    ???
}

Answer 1

Looks like the AuthenticationTrustResolverImpl class contained the code that answered my question. Here it is

public static boolean isRememberMeAuthenticated() {
    // Check authentication exists
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null) {
        return false;
    }

    return RememberMeAuthenticationToken.class.isAssignableFrom(authentication.getClass());
}

Answer 2

Why do it yourself. Spring Security can do that for you.

<intercept-url pattern="/sell-all-assets" access="hasRole("user") and isFullyAutheticated()"/>

See http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#overview for more information.

Answer 3

To add a little more to Deinum answer,

isRememberMe() - Returns true if the current principal is a remember-me user
isAuthenticated() - Returns true if the user is not anonymous
isFullyAuthenticated()- Returns true if the user is not an anonymous or a remember-me user